On Tue, Dec 20, 2011 at 01:15:32AM +0100, Christoph Haas wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > http://security-tracker.debian.org/tracker/CVE-2011-2904 > I have extracted a patch using > svn diff -r r20742:r20789 frontends/php/acknow.php > from the upstream sources. > > http://security-tracker.debian.org/tracker/CVE-2011-3263 > I have extracted a patch using > svn diff -r r19527:r19561 > from the upstream sources. > > http://security-tracker.debian.org/tracker/CVE-2011-3265 > I could not determine a proper minimal patch and am waiting for the > upstream developers' support. This issue was fixed in 1.8.6 and thus > does not affect "sid". > > http://security-tracker.debian.org/tracker/CVE-2011-4674 > I could not determine a proper minimal patch and am waiting for the > upstream developers' support. This issue was fixed in 1.8.4 and does not > affect "sid". > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652664 > https://support.zabbix.com/browse/ZBX-4015 > I could not determine a proper minimal patch and am waiting for the > upstream developers' support. For "sid" we can wait for 1.8.10 to have > the issue fixed. > > Would you like to get a minimal patch for the first two issues already? > Or rather wait for the upstream response of the remaining three issues?
Let's rather wait until we have a complete patch set. Thanks, Moritz -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org